PayPal fixes phishing hole

Web site flaw was being exploited in a scam to pilfer sensitive information from PayPal customers.

PayPal has fixed a flaw in its Web site to block a sophisticated scam designed to obtain sensitive data from members, the payment service said Friday.

By exploiting the flaw, attackers were able to redirect people from a PayPal Web page to an online trap located in South Korea, a representative for the service said. The page actually has a real PayPal URL, but hosts malicious code that presents a message warning members that their account had been compromised. It then redirects them to a "phishing" Web site.

At the malicious, information-thieving Web site, people are asked for their PayPal login information, experts at Netcraft, an Internet monitoring company in England, said in an advisory. Subsequently, the scammers are urged to enter their Social Security number and credit card details, Netcraft said.

"As soon as we became aware of this scheme, we changed some of the code on the PayPal Web site. So this scheme, or any scheme like it, can no longer be effective," Amanda Pires, a PayPal spokeswoman, said in an interview.

PayPal, a unit of online auctioneer eBay, is working with the Internet service provider that hosts the malicious site to get it shut down, Pires added. The company has no information on how many people may have fallen victim to the scam, she said.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

An iPhone 6 prototype has one week of battery life

Apple's September 9th event is official, Intelligent Energy builds an iPhone 6 that lasts one week without a charge and will your iPad take direct phone calls?

by Brian Tong